---
sidebar_position: 2
title: Quick Start
---

# Quick Start

Dep-scan can be run as a server or using cli.
:::tip
Recommended way to use dep-scan is via the docker container
:::

## Dep-scan cli (docker)

Run dep-scan quickly on your project and receive reports in `reports` directory.

```bash
cd /path/to/your/project
docker run --rm -v $PWD:/app ghcr.io/owasp-dep-scan/dep-scan depscan --src /app --reports-dir /app/reports
```

:::tip
for more usage options view [Usages Section](cli-usage#scanning-projects-locally-docker-container)
:::

## Dep-scan server (docker)

Running the following command in dep-scan repository should start dep-scan server on port 7070.
```bash
docker compose up
```

## Dep-scan Sample Report

The entire report for `java-sec-code` can be downloaded here <a href="https://huggingface.co/datasets/AppThreat/ukaina/tree/main/java/java-sec-code" target="_blank">java-sec-code</a>

### Recommendation part of the sample report

```
The vulnerabilities below have been prioritized by depscan. Follow your team’s remediation workflow to address these findings.

                                                                              Top Priority (BOM)
╔════════════════════════════════════════════════════════════╤══════════════════╤═════════════╤══════════════════════════════════════════════════════════════════════════════╗
║ Package                                                    │ Prioritized CVEs │ Fix Version │ Next Steps                                                                   ║
╟────────────────────────────────────────────────────────────┼──────────────────┼─────────────┼──────────────────────────────────────────────────────────────────────────────╢
║ pkg:maven/org.springframework.boot/spring-boot-starter-web │ CVE-2022-22965   │             │ depscan is unable to determine a fixed version. Refer to the project’s       ║
║                                                            │                  │             │ documentation and issue tracker for possible upgrade options.                ║
╟────────────────────────────────────────────────────────────┼──────────────────┼─────────────┼──────────────────────────────────────────────────────────────────────────────╢
║ pkg:maven/ch.qos.logback/logback-core                      │ CVE-2021-42550   │             │ depscan is unable to determine a fixed version. Refer to the project’s       ║
║                                                            │                  │             │ documentation and issue tracker for possible upgrade options.                ║
╟────────────────────────────────────────────────────────────┼──────────────────┼─────────────┼──────────────────────────────────────────────────────────────────────────────╢
║ pkg:maven/org.apache.tomcat.embed/tomcat-embed-core        │ CVE-2024-21733   │ 8.5.99      │ With 16 vulnerabilities, identify the challenges involved in updating this   ║
║                                                            │ CVE-2023-46589   │             │ package to version '8.5.99'. With potentially exploitable CVEs present, care ║
║                                                            │ CVE-2022-42252   │             │ must be taken to manage the risks.                                           ║
║                                                            │ CVE-2021-25329   │             │                                                                              ║
║                                                            │ CVE-2021-25122   │             │                                                                              ║
║                                                            │ CVE-2020-1938    │             │                                                                              ║
║                                                            │ CVE-2019-17563   │             │                                                                              ║
║                                                            │ CVE-2019-12418   │             │                                                                              ║
║                                                            │ CVE-2019-10072   │             │                                                                              ║
║                                                            │ CVE-2019-0232    │             │                                                                              ║
║                                                            │ CVE-2019-0221    │             │                                                                              ║
║                                                            │ CVE-2019-0199    │             │                                                                              ║
║                                                            │ CVE-2018-8034    │             │                                                                              ║
║                                                            │ CVE-2018-8014    │             │                                                                              ║
║                                                            │ CVE-2018-1336    │             │                                                                              ║
║                                                            │ CVE-2018-11784   │             │                                                                              ║
╟────────────────────────────────────────────────────────────┼──────────────────┼─────────────┼──────────────────────────────────────────────────────────────────────────────╢
║ pkg:maven/org.springframework/spring-web                   │ CVE-2024-22262   │             │ Check the package’s issue tracker for available patches and workarounds.     ║
║                                                            │ CVE-2024-22259   │             │                                                                              ║
║                                                            │ CVE-2024-22243   │             │                                                                              ║
```
